SY0-301 · Question #567
SY0-301 Question #567: Real Exam Question with Answer & Explanation
The correct answer is A: Create a VLAN for the SCADA. Segmenting the SCADA network onto its own VLAN isolates critical industrial control systems from other network segments, limiting the ability of malware or unauthorized users to reach the control console. Network isolation is the primary defense-in-depth measure for ICS/SCADA env
Question
Options
- ACreate a VLAN for the SCADA
- BEnable PKI for the MainFrame
- CImplement patch management
- DImplement stronger WPA2 Wireless
Explanation
Segmenting the SCADA network onto its own VLAN isolates critical industrial control systems from other network segments, limiting the ability of malware or unauthorized users to reach the control console. Network isolation is the primary defense-in-depth measure for ICS/SCADA environments.
Common mistakes.
- B. Enabling PKI for the mainframe addresses certificate-based authentication but does not isolate the SCADA network from external access or prevent unauthorized file uploads via physical or network access.
- C. Patch management would address software vulnerabilities but does not prevent the network-level access that allowed contractors to upload the malicious executable to the control console.
- D. Implementing WPA2 wireless security addresses wireless authentication but is irrelevant if the malware was uploaded through a wired connection or physical console access during the contractors' visit.
Concept tested. SCADA network segmentation using VLANs
Community Discussion
No community discussion yet for this question.